From e67824599b24ca9847eb2c2889dfbf8df2e42ea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20F=C3=BCrstenberg?= Date: Sat, 6 Jan 2024 11:41:11 +0100 Subject: [PATCH] feat(helm-charts): Introduced priorityClassName system-node-critical as an optional boolean value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Florian Fürstenberg --- deployment/helm/balloons/README.md | 1 + deployment/helm/balloons/templates/daemonset.yaml | 3 +++ deployment/helm/balloons/values.yaml | 4 ++++ deployment/helm/memory-qos/README.md | 3 ++- deployment/helm/memory-qos/templates/daemonset.yaml | 3 +++ deployment/helm/memory-qos/values.yaml | 4 ++++ deployment/helm/memtierd/README.md | 3 ++- deployment/helm/memtierd/templates/daemonset.yaml | 3 +++ deployment/helm/memtierd/values.yaml | 4 ++++ deployment/helm/sgx-epc/README.md | 6 ++++-- deployment/helm/sgx-epc/templates/daemonset.yaml | 3 +++ deployment/helm/sgx-epc/values.yaml | 4 ++++ deployment/helm/template/README.md | 1 + deployment/helm/template/templates/daemonset.yaml | 3 +++ deployment/helm/template/values.yaml | 4 ++++ deployment/helm/topology-aware/README.md | 1 + deployment/helm/topology-aware/templates/daemonset.yaml | 3 +++ deployment/helm/topology-aware/values.yaml | 5 ++++- 18 files changed, 53 insertions(+), 5 deletions(-) diff --git a/deployment/helm/balloons/README.md b/deployment/helm/balloons/README.md index 8d74bc252..c3b6dbce0 100644 --- a/deployment/helm/balloons/README.md +++ b/deployment/helm/balloons/README.md @@ -98,6 +98,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/balloons/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/balloons/templates/daemonset.yaml b/deployment/helm/balloons/templates/daemonset.yaml index d496b2b47..21b83d8d2 100644 --- a/deployment/helm/balloons/templates/daemonset.yaml +++ b/deployment/helm/balloons/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/balloons/values.yaml b/deployment/helm/balloons/values.yaml index 7d37c4c6e..207c7a1f0 100644 --- a/deployment/helm/balloons/values.yaml +++ b/deployment/helm/balloons/values.yaml @@ -42,6 +42,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/memory-qos/README.md b/deployment/helm/memory-qos/README.md index 580cfbe92..a885b729b 100644 --- a/deployment/helm/memory-qos/README.md +++ b/deployment/helm/memory-qos/README.md @@ -94,8 +94,9 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 10m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/memory-qos/templates/daemonset.yaml b/deployment/helm/memory-qos/templates/daemonset.yaml index 11e772e39..c62c1b28a 100644 --- a/deployment/helm/memory-qos/templates/daemonset.yaml +++ b/deployment/helm/memory-qos/templates/daemonset.yaml @@ -62,6 +62,9 @@ spec: mountPath: /etc/nri/memory-qos - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memory-qos-config-vol configMap: diff --git a/deployment/helm/memory-qos/values.yaml b/deployment/helm/memory-qos/values.yaml index 5d33068bb..87249ba39 100644 --- a/deployment/helm/memory-qos/values.yaml +++ b/deployment/helm/memory-qos/values.yaml @@ -14,6 +14,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/memtierd/README.md b/deployment/helm/memtierd/README.md index e46ae3076..af82a1476 100644 --- a/deployment/helm/memtierd/README.md +++ b/deployment/helm/memtierd/README.md @@ -93,9 +93,10 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 250m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `outputDir` | empty string | host directory for memtierd.output files | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/memtierd/templates/daemonset.yaml b/deployment/helm/memtierd/templates/daemonset.yaml index d8b527fa9..232598f39 100644 --- a/deployment/helm/memtierd/templates/daemonset.yaml +++ b/deployment/helm/memtierd/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: - name: run-dir-vol mountPath: /run-dir {{- end }} + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memtierd-config-vol configMap: diff --git a/deployment/helm/memtierd/values.yaml b/deployment/helm/memtierd/values.yaml index f161096d1..c0dd9017f 100644 --- a/deployment/helm/memtierd/values.yaml +++ b/deployment/helm/memtierd/values.yaml @@ -16,6 +16,10 @@ outputDir: "" nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/sgx-epc/README.md b/deployment/helm/sgx-epc/README.md index ab3759506..576d4b575 100644 --- a/deployment/helm/sgx-epc/README.md +++ b/deployment/helm/sgx-epc/README.md @@ -94,9 +94,11 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 25m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | +| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | +| init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | diff --git a/deployment/helm/sgx-epc/templates/daemonset.yaml b/deployment/helm/sgx-epc/templates/daemonset.yaml index 4373dccfa..25a5c6d8b 100644 --- a/deployment/helm/sgx-epc/templates/daemonset.yaml +++ b/deployment/helm/sgx-epc/templates/daemonset.yaml @@ -58,6 +58,9 @@ spec: volumeMounts: - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: nrisockets hostPath: diff --git a/deployment/helm/sgx-epc/values.yaml b/deployment/helm/sgx-epc/values.yaml index e593c951b..5520bcd63 100644 --- a/deployment/helm/sgx-epc/values.yaml +++ b/deployment/helm/sgx-epc/values.yaml @@ -14,6 +14,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/template/README.md b/deployment/helm/template/README.md index e53517a99..86ff57019 100644 --- a/deployment/helm/template/README.md +++ b/deployment/helm/template/README.md @@ -98,6 +98,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/template/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/template/templates/daemonset.yaml b/deployment/helm/template/templates/daemonset.yaml index d8d1a6732..25de1d499 100644 --- a/deployment/helm/template/templates/daemonset.yaml +++ b/deployment/helm/template/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/template/values.yaml b/deployment/helm/template/values.yaml index 04feb68aa..d3930810e 100644 --- a/deployment/helm/template/values.yaml +++ b/deployment/helm/template/values.yaml @@ -30,6 +30,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/topology-aware/README.md b/deployment/helm/topology-aware/README.md index ac54a97b6..1e3cbe7a9 100644 --- a/deployment/helm/topology-aware/README.md +++ b/deployment/helm/topology-aware/README.md @@ -99,6 +99,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/topology-aware/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/topology-aware/templates/daemonset.yaml b/deployment/helm/topology-aware/templates/daemonset.yaml index aa4aefdbc..13508853a 100644 --- a/deployment/helm/topology-aware/templates/daemonset.yaml +++ b/deployment/helm/topology-aware/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/topology-aware/values.yaml b/deployment/helm/topology-aware/values.yaml index 774830940..0f3350096 100644 --- a/deployment/helm/topology-aware/values.yaml +++ b/deployment/helm/topology-aware/values.yaml @@ -30,7 +30,10 @@ resources: nri: patchRuntimeConfig: false - + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager